log_template_regex
Generates a regex pattern that matches log lines with the same structural template. Variable tokens (numbers, UUIDs, IPs, hex, quoted strings) are replaced with regex wildcards while literal text is preserved. The output is designed for use with `matches regex` to leverage bloom filter optimization.
Syntax
log_template_regex(source)

See Regex Syntax for the full regular expression reference.
Parameters
Prop
Type
Returns: string
Examples
Example 1
print log_template_regex("raid on monastery 793 from 10.0.0.1")

| print_0 (string) |
|---|
| ^raid on monastery \d+(?:.\d+)?(?:[eE][+-]?\d+)? from \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}$ |
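The templating idea described above, approximated in Python as an added example; it is not the product's implementation. The token patterns, their priority order, and the names `template_regex` and `same_template` are assumptions, and this sketch backslash-escapes regex metacharacters in literal text and in its own wildcards.

```python
import re

# Token classes named on the page. The concrete patterns are assumptions.
# Order matters: specific classes are tried before the generic number.
TOKEN_CLASSES = [
    ("quoted", r'"[^"]*"'),
    ("uuid", r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"),
    ("ipv4", r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"),
    ("hex", r"0[xX][0-9a-fA-F]+"),
    ("number", r"\d+(?:\.\d+)?(?:[eE][+-]?\d+)?"),
]
WILDCARD = dict(TOKEN_CLASSES)
SCANNER = re.compile("|".join(f"(?P<{n}>{p})" for n, p in TOKEN_CLASSES))
META = re.compile(r"([.^$*+?{}\[\]\\|()])")


def escape_literal(text):
    """Backslash-escape regex metacharacters so literal text matches itself."""
    return META.sub(r"\\\1", text)


def template_regex(line):
    """Return an anchored regex matching lines with the same structure."""
    parts, pos = [], 0
    for m in SCANNER.finditer(line):
        parts.append(escape_literal(line[pos:m.start()]))  # literal text
        parts.append(WILDCARD[m.lastgroup])  # variable token -> wildcard
        pos = m.end()
    parts.append(escape_literal(line[pos:]))
    return "^" + "".join(parts) + "$"


def same_template(reference, lines):
    """Filter the lines that share the structural template of `reference`."""
    rx = re.compile(template_regex(reference))
    return [line for line in lines if rx.match(line)]


# Constructed sample log lines (not taken from the page).
SAMPLE = [
    'Failed password for "root" from 203.0.113.7 port 52144',
    'Failed password for "admin" from 198.51.100.23 port 40022',
    'Accepted publickey for "deploy" from 192.0.2.10 port 51812',
]

if __name__ == "__main__":
    print(template_regex("raid on monastery 793 from 10.0.0.1"))
    print(same_template(SAMPLE[0], SAMPLE))
```

Escaping the literal segments matters for triage: without it, characters such as `(`, `[` or `.` in a log line would be read as regex syntax and the template would match lines with a different structure, or fail to compile.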
log_template_hash
Computes a hash of the structural log template, for grouping similar logs without allocating the template string. Equivalent to hashing the output of extract_log_template, but with zero heap allocations.
current_table
Returns the table name for the current row. Used internally by the search operator.